How easily can ISP/mobile network operator employees read or decode traffic data?



  • When I sign up for a mobile subscription or internet connection with my ISP (also a mobile network operator), the company's privacy policy says that certain information is processed such as personal data (name, phone number, address etc) and metadata which is generated through my use of the services (conversation length, start time, end time, mobile positioning, how the services are used etc).

    But I guess it is a given that the voice data of mobile calls and actual internet traffic (URLs, chat messages, mail contents, skype calls etc) are also processed.

    I know for a fact that the operator is under legal obligation to allow law enforcement access to some degree of wire tapping, given they provide a legal warrant from a judge. That should prove that the processing also extends to the raw data of customers' interaction with the network.

    How easily can an employee, e.g. an administrator of some sort in the mobile operator's different systems, by their own accord gain access to such data about a customer's mobile calls, internet traffic and so on?

    Are there descriptions readily available of the processes that protect user data from such prying at some well-known operators? Are there publicized examples of cases of such prying or spying that have been uncovered by media or colleagues or privacy activists?



  • As already said, the ISP can't read any encrypted data. However, they could access metadata which can provide information on which domains you access, what kind of devices you use, which operating systems you use, which programs you use, how much traffic you generate, when you generate it ... With mobile internet they also have access to location data. Even with TLS they could maybe determine what URL you visit. Also even nowadays not everything is encrypted.

    Combined, this already provides a lot of information on what you are doing online. It would also make attacks against your devices easier in case they want to get around encryption. Note that the ISP might not be the only three letter agency listing on the wire. Some others are constantly listening on internet exchange points. I think you are going to find some public examples for those 😉



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2